Weekly Cybersecurity News
Ayushman Singh
Community Manager
We share this week’s important news of current events in the world of cybersecurity that directly or indirectly impact our lives, as well as the operations of businesses, institutions, organizations, governments and nation states, in this highly digitalized and interconnected world.
Scammers exploit tax season anxiety with AI tools: A report reveals that a quarter of Americans have fallen victim to online tax scams, with significant financial losses. Cybercriminals are increasingly using AI tools like deepfake technology to deceive individuals, posing challenges in spotting fraudulent content. Despite this, many Americans lack confidence in identifying tax-related scams and fail to take proactive measures to protect themselves. The report stresses the importance of vigilance and good cyber hygiene during tax season to prevent falling victim to these pervasive threats.
Over 100 US and EU orgs targeted in StrelaStealer malware attacks: A recent report by Palo Alto Networks’ Unit42 reveals that over 100 organizations in the US and Europe have been targeted in a large-scale StrelaStealer malware campaign. StrelaStealer, initially observed in November 2022, primarily steals email credentials from Outlook and Thunderbird users. While it initially targeted Spanish-speaking users, it now focuses on English and other European languages. The malware is distributed through phishing emails, with an uptick in activity noted since November 2023. It primarily targets high-tech, finance, legal services, and other sectors. The latest version employs new infection methods and obfuscation techniques to evade detection. Users are advised to exercise caution with unsolicited emails and avoid downloading attachments from unknown sources.
The United States has imposed sanctions on two individuals and five entities associated with the Intellexa Consortium for their involvement in developing, operating, and distributing the commercial spyware technology known as Predator. The sanctions target Intellexa Consortium’s Israeli founder, Tal Jonathan Dilian, and Polish corporate specialist, Sara Aleksandra Fayssal Hamou. The designated companies, operating in North Macedonia, Hungary, Ireland, Greece, and the United Kingdom, were involved in the distribution of Intellexa’s commercial spyware technologies, particularly the ‘Predator’ product. The sanctions freeze U.S.-based assets linked to the designated individuals and entities, with violators facing significant legal and financial consequences. The move underscores the U.S. government’s commitment to countering the misuse of spyware technology and serves as a deterrent to organizations in U.S.-allied countries from engaging with sanctioned entities.
Spain suspends Telegram ban to investigate impact on users: Spain’s High Court has suspended its order to block messaging app Telegram’s services in the country, following complaints from media companies about unauthorized TV and video content uploads. Judge Santiago Pedraz issued the order for a temporary ban but has now halted it to investigate its potential impact on users. Telegram, known as a secure alternative to WhatsApp, has around eight million users in Spain. The ban sparked criticism and accusations of limiting free speech, prompting an investigation into its necessity. The EU’s increased scrutiny on tech giants is evident, with recent actions against companies like Google and Worldcoin over data privacy concerns. Telegram, founded in 2013, has faced criticism for allowing various illicit activities on its platform.
Apple is facing a new antitrust lawsuit that could dethrone the iPhone: The Biden administration has filed a major antitrust lawsuit against Apple, alleging that the company maintains a monopoly on the US smartphone market with its iPhone. The lawsuit, joined by 16 state attorneys general, accuses Apple of deliberately obstructing apps, products, and services that could facilitate user switching to other smartphones and reduce costs for consumers and developers. Apple argues that the lawsuit sets a dangerous precedent and infringes on people’s technological autonomy. The case highlights a broader trend of increased antitrust scrutiny on big tech companies, with implications for competition and innovation in the smartphone market.
US fines man $9.9 million for thousands of disturbing robocalls: A federal court in the United States has imposed a penalty of $9.9 million and issued an injunction against Scott Rhodes for orchestrating thousands of deceptive robocalls across the country. These robocalls, often employing spoofing techniques to disguise the caller’s identity, targeted specific regions with inflammatory and disturbing messages, including areas affected by high-profile incidents such as murders and rallies. Rhodes’ actions were deemed illegal and malicious by the U.S. Department of Justice, resulting in significant fines and legal consequences under the Truth in Caller ID Act and Telephone Consumer Protection Act. This case underscores the ongoing efforts of authorities to combat the misuse of robocall technology and protect consumers from harassment and fraudulent activities.
Google’s new AI search results promote sites pushing malware, scams: Google’s new AI-powered search algorithm, called ‘Search Generative Experience’ (SGE), is recommending spammy and malicious sites in search results. These sites lead visitors to malware, browser spam subscriptions, and tech support scams. Despite Google’s efforts to combat spam, the SGE algorithm is promoting these harmful sites, potentially increasing the risk of users falling victim to scams. Users are advised to verify sites before visiting them and unsubscribe from unwanted browser notifications to stay safe online.
UK calls out China state-affiliated actors for malicious cyber targeting of UK democratic institutions and parliamentarians: The UK government has accused China state-affiliated actors, particularly APT31, of targeting UK democratic institutions and parliamentarians through malicious cyber activities. APT31 is believed to have conducted online reconnaissance against the email accounts of UK parliamentarians in 2021. Additionally, a separate incident involving the compromise of systems at the UK Electoral Commission has also been attributed to a China state-affiliated actor. The National Cyber Security Centre (NCSC) urges organizations involved in democratic processes to follow their guidance to enhance cybersecurity measures. The NCSC has released updated guidance for political organizations and entities coordinating elections to help mitigate cyber threats, including advice on defending against spear-phishing and implementing multi-factor authentication. The NCSC emphasizes the importance of defending against cyber threats to safeguard democratic institutions and values.
EV Charging Firms Rush to Add Cyber Shields to New Products in U.K.: EV charging firms in the UK are rushing to enhance cybersecurity measures in their products due to a regulation that came into effect in 2022. This regulation requires protections against tampering, prompting companies to redesign their home EV chargers. Spanish company Wallbox, for instance, is discontinuing one product in the UK and adding cybersecurity features to others. Compliance with the regulation is challenging but necessary, as violations could result in fines and product recalls. Additionally, compliance prepares companies for upcoming EU laws regulating EV charging and critical infrastructure security. Similar efforts are also being made in the US to protect electric vehicles from cyber threats.
The state of ransomware: Faster, smarter, and meaner: In 2023, ransomware attacks reached unprecedented levels, totaling $1.1 billion in payments, despite declining payment rates, as attackers capitalized on new AI tools and techniques to enhance their impact. Phishing remained the primary attack vector, with social engineering tactics persistently successful despite cybersecurity training efforts. AI-generated phishing attempts surged, enabling attackers to mimic executives’ communication styles and create convincing deep-fake videos for social engineering. Exploitation of vulnerabilities in public-facing applications increased, with attackers adopting new tactics like “triple extortion” to pressure victims. Companies responded by deploying AI-powered security tools for detection and response, yet the rise of ransomware-as-a-service providers posed a challenge, prompting shifts in the criminal ecosystem. Despite these challenges, organizations must remain vigilant and invest in cybersecurity measures to counter evolving ransomware threats effectively.
New Gmail Security Rules — You Have 7 Days To Comply, Google Says: Google will enforce new Gmail security rules starting April 1 to combat spam and enhance user security. Bulk senders, defined as those sending close to 5,000 messages or more to personal Gmail accounts within 24 hours, must adhere to strict authentication requirements. These measures aim to prevent malicious actors from using unauthenticated or compromised domains to deliver harmful payloads. Compliance with these rules, including authentication through established protocols, is crucial to ensure effective email communication and protection against spam and security threats.
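The “established protocols” the summary above refers to are the DNS-published email authentication records (Google’s published bulk-sender requirements name SPF, DKIM and DMARC). The script below is an added illustration, not code from the article or from Google: it checks whether a sending domain has a usable SPF record and a DMARC record with a valid policy, the two checks that can be made from TXT records alone. The DNS answers are a constructed in-memory dictionary so the example runs offline; a real check would query DNS (for example with dnspython) in place of the `lookup_txt` stand-in, and DKIM is left out because verifying it needs a per-sender selector name.

```python
"""Offline check of the DNS-based email authentication records (SPF and DMARC)
a bulk sender should have in place before Google's enforcement date.

Added illustration, not code from the article or from Google. The DNS
answers are constructed; a real check would query DNS instead of reading
this dict. DKIM is left out because it needs a per-sender selector name."""

# Constructed TXT records keyed by the DNS name that would be queried.
FAKE_DNS_TXT = {
    "good.example.com": ["v=spf1 include:_spf.example.net -all"],
    "_dmarc.good.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@good.example.com"],
    "weak.example.com": ["v=spf1 +all"],
    "_dmarc.weak.example.com": [],
    "none.example.com": [],
    "_dmarc.none.example.com": [],
}


def lookup_txt(name, resolver=FAKE_DNS_TXT):
    """Stand-in for a DNS TXT query; returns a list of record strings."""
    return resolver.get(name, [])


def check_spf(domain, resolver=FAKE_DNS_TXT):
    """Return (ok, reason). SPF must exist, be unique, and not authorise everyone."""
    records = [r for r in lookup_txt(domain, resolver) if r.lower().startswith("v=spf1")]
    if not records:
        return False, "no SPF record"
    if len(records) > 1:
        return False, "multiple SPF records (RFC 7208 allows only one)"
    spf = records[0]
    terms = spf.split()[1:]
    if "+all" in terms or "all" in terms:
        return False, "SPF ends in +all, which lets any host send as the domain"
    if not any(t.endswith("all") for t in terms):
        return False, "SPF has no terminal all mechanism"
    return True, "SPF present: " + spf


def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; ...' into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(domain, resolver=FAKE_DNS_TXT):
    """Return (ok, reason). A DMARC record with a valid p= tag must exist."""
    name = "_dmarc." + domain
    records = [r for r in lookup_txt(name, resolver) if r.upper().startswith("V=DMARC1")]
    if not records:
        return False, "no DMARC record at " + name
    policy = parse_dmarc(records[0]).get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return False, "DMARC record has no valid p= tag"
    return True, "DMARC policy p=" + policy


def bulk_sender_ready(domain, resolver=FAKE_DNS_TXT):
    """Combine both checks into one verdict for a sending domain."""
    spf_ok, spf_why = check_spf(domain, resolver)
    dmarc_ok, dmarc_why = check_dmarc(domain, resolver)
    return {
        "domain": domain,
        "spf": spf_ok,
        "dmarc": dmarc_ok,
        "ready": spf_ok and dmarc_ok,
        "notes": [spf_why, dmarc_why],
    }


if __name__ == "__main__":
    for d in ("good.example.com", "weak.example.com", "none.example.com"):
        print(bulk_sender_ready(d))
```

The `weak.example.com` case is the one worth noticing: a domain can publish an SPF record and still be “unauthenticated” in any useful sense if that record ends in `+all`, because it authorises every host on the internet to send as the domain.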
Samsung Issues Critical Update For Millions Of Galaxy Users: Samsung issues a critical update for millions of Galaxy users, urging them to install it promptly to address high-risk vulnerabilities. The update, part of Samsung’s March security rollout, includes seamless updates, a new system that downloads and installs updates in the background to reduce device downtime. This marks Samsung’s adoption of Google’s A/B system updates, enhancing device reliability and reducing the likelihood of inactive devices after updates. While seamless updates simplify the process for users, Samsung’s update complexity and device compatibility remain areas of uncertainty. The move follows pressure from the Android Open Source Project to adopt seamless updates, signaling potential changes in Samsung’s update strategy. Despite progress, achieving the simplicity of Apple’s update process remains a distant goal.
The DOJ Puts Apple’s iMessage Encryption in the Antitrust Crosshairs: The Department of Justice (DOJ) has filed an antitrust lawsuit against Apple, alleging monopolistic practices that harm consumers. In the lawsuit, the DOJ argues that Apple’s selective embrace of privacy and security features, such as end-to-end encryption in iMessage, serves its financial interests and restricts competition. While Apple has been lauded for its privacy efforts, critics argue that its refusal to extend iMessage encryption to Android users undermines overall messaging security. Apple contends that it designs products to protect privacy and security and rejects the lawsuit’s allegations. The lawsuit highlights broader questions about the role of tech giants in setting privacy standards and suggests the need for comprehensive data privacy legislation.
Feds Ordered Google To Unmask Certain YouTube Users. Critics Say It’s ‘Terrifying.’: The federal government has issued court orders to Google, demanding information on viewers of specific YouTube videos, sparking concerns about privacy and constitutional rights. In one case, undercover cops sought information on a user suspected of illicit activities, leading to requests for viewer data from Google. Privacy experts argue that these orders are unconstitutional and raise concerns about government overreach and the erosion of free speech and privacy rights. Google maintains that it rigorously evaluates law enforcement requests for user data to protect privacy and constitutional rights.
Cybersecurity experts harness AI to safeguard mobile apps against emerging threats: Cybersecurity professionals are increasingly turning to artificial intelligence (AI) to enhance mobile app security in the face of emerging threats like spyware and phishing attacks. AI algorithms can help identify and mitigate malware and other threats before they impact users, outperforming traditional security measures. Tools like GitHub’s Copilot use AI to assist developers in writing secure code for mobile apps, while AI can also detect anomalies in user behavior to identify potential fraud. However, there are pitfalls to using AI in cybersecurity, including the risk of false positives and the possibility that cybercriminals could use AI to develop new attack scenarios. To maximize the effectiveness of AI in mobile app security, experts recommend using high-quality datasets for training, continuously updating AI models, and integrating AI into security tools. Users can also improve their app security by securing accounts with unique passwords, using multifactor authentication, and regularly updating software.
Identity theft scammers target innocent children: There has been an alarming rise in identity theft targeting children, with scammers exploiting their clean financial records. Tactics used by fraudsters to acquire sensitive information about minors include combing through social media, data leaks, and purchasing data from the dark web. Crucial steps parents can take to protect their children’s financial future include freezing their credit, questioning requests before sharing personal information, securing personal documents, using identity theft protection services, and installing antivirus software on their devices.
Scams are becoming more convincing and costly: Visa reports a surge in scams targeting consumers, characterized by increased complexity and volume, despite a decrease in individual scam reports. This discrepancy suggests a higher effectiveness of the scams, resulting in greater financial losses for victims. Utilizing generative AI and other emerging technologies, scammers engage in various schemes, including pig butchering scams, inheritance scams, humanitarian relief scams, and triangulation fraud. These scams exploit victims’ emotions and vulnerabilities, leading to significant financial losses, with some scams costing billions of dollars. Moreover, threat actors are increasingly targeting organizations and networks, exploiting vulnerabilities and utilizing AI to identify weaknesses in fraud controls.
Tech industry’s focus on innovation leaves security behind: Trustwave warns that the rapid innovation in the technology industry is leaving companies vulnerable to cyber threats. With a focus on progress over security, the sector faces challenges in implementing adequate measures to protect against attacks. Cybercriminals are leveraging AI for sophisticated multi-channel attacks, including phishing with deepfake videos. Additionally, technology firms are frequent targets in supply chain attacks, and modern ransomware tactics involve data theft for extortion. Trustwave stresses the importance of integrating security measures throughout the technology lifecycle to mitigate risks effectively.
Google: Spyware vendors behind 50% of zero-days exploited in 2023: Google’s Threat Analysis Group (TAG) and Mandiant reported a substantial increase in zero-day vulnerabilities exploited in attacks in 2023, with 97 instances recorded, over 50% attributed to spyware vendors and their clients. While financially motivated actors used ten zero-days, Chinese cyber espionage groups exploited 12, and at least four ransomware groups targeted four zero-days. Notably, commercial surveillance vendors (CSVs) were responsible for 75% of known zero-day exploits targeting Google products and the Android ecosystem, amounting to roughly 50% of all such flaws exploited in 2023. Google urged high-risk users to enable security features like Memory Tagging Extension (MTE) and Lockdown mode, while recommending Chrome users to activate “HTTPS-First Mode” and disable the v8 Optimizer to mitigate potential security vulnerabilities. Additionally, the company suggested enrollment in its Advanced Protection Program (APP) for enhanced account security. The Department of the Treasury’s Office of Foreign Assets Control (OFAC) recently sanctioned spyware operators, and the U.S. State Department announced a visa restriction policy targeting individuals linked to commercial spyware.
New Darcula phishing service targets iPhone users via iMessage: A new phishing-as-a-service (PhaaS) called ‘Darcula’ is targeting iPhone users via iMessage, utilizing 20,000 domains to spoof brands and steal credentials from both Android and iPhone users across more than 100 countries. Unlike traditional SMS-based tactics, Darcula employs the Rich Communication Services (RCS) protocol for Google Messages and iMessage, making the phishing messages appear more legitimate. The service offers over 200 phishing templates impersonating various organizations, with high-quality landing pages tailored to local languages and content. While RCS and iMessage support end-to-end encryption, making interception and blocking of phishing messages difficult, cybercriminals are attempting to circumvent platform restrictions by creating multiple Apple IDs and using device farms to send messages. However, a safeguard in iMessage requiring recipients to reply before clicking on links may pose a challenge for attackers. Users are advised to remain cautious of suspicious messages and to watch for signs of phishing attempts, such as grammatical errors or urgent requests for action.
In-app browsers are still a privacy, security, and choice problem: The Register’s recent report delves into the escalating regulatory scrutiny in Europe and the UK concerning in-app browsers, driven by concerns raised by Open Web Advocacy (OWA) regarding tech giants’ manipulation of users’ default browser preferences. In-app browsers, while having legitimate purposes, present significant privacy and security risks, including overriding user choices, potential for code injection and traffic interception, and inhibiting the use of ad-blockers and tracker blockers. Despite opt-out options provided by companies like Meta (formerly Facebook), worries persist about user control and privacy implications. Regulatory intervention is anticipated, particularly in Europe, to address these concerns and ensure fair competition and user autonomy in the digital landscape, though the issue involves complex considerations regarding developer and user choice within native apps.
Apple users targeted by sophisticated phishing attack to reset their ID password: Apple users are being targeted by a sophisticated phishing attack aimed at resetting their Apple ID passwords. This attack exploits a bug in the Apple ID password reset feature, flooding users’ devices with password reset requests in what’s known as “push bombing” or “MFA fatigue” techniques. Victims receive numerous password reset notifications, rendering their devices unusable until interacted with. Subsequently, they may receive calls from individuals posing as Apple Support, armed with accurate personal details obtained from data breaches, aiming to gain the victim’s trust. To prevent such attacks, users are urged never to share the reset code sent by Apple with anyone. While Apple has yet to address this issue officially, vigilance in safeguarding personal information remains crucial.
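The push-bombing pattern described above works because the service will keep sending recovery prompts to the same account as fast as they are requested. The usual server-side mitigation is a throttle keyed on the target account: a small allowance of prompts per window, then a cooldown, with every decision logged so a burst shows up in detection. The code below is an added illustration of that control; it is neither Apple’s code nor from the article, the limits (three prompts per account per 15 minutes, then a one-hour cooldown) are assumed values chosen for the example, and the request burst it replays is constructed.

```python
"""Server-side throttle for account-recovery push notifications, a defence
against the "push bombing" / "MFA fatigue" pattern.

Added illustration; neither Apple's code nor from the article. The limits
are assumed values, and the clock is injectable so the behaviour can be
exercised offline against a constructed burst of requests."""
import time
from collections import defaultdict, deque


class ResetPushThrottle:
    def __init__(self, max_pushes=3, window_s=900, cooldown_s=3600, now=None):
        self.max_pushes = max_pushes
        self.window_s = window_s
        self.cooldown_s = cooldown_s
        self._now = now or time.monotonic
        self._sent = defaultdict(deque)  # account -> timestamps of recent pushes
        self._blocked_until = {}         # account -> time its cooldown ends
        self.events = []                 # audit trail of decisions, for detection

    def _prune(self, account, t):
        """Drop push timestamps that have fallen out of the sliding window."""
        q = self._sent[account]
        while q and t - q[0] >= self.window_s:
            q.popleft()

    def should_send(self, account, requester):
        """Decide whether one more reset push may be delivered to `account`.
        The limit is keyed on the *target* account, not the requester, because
        the requester side is attacker-controlled and can rotate addresses."""
        t = self._now()
        until = self._blocked_until.get(account)
        if until is not None and t < until:
            self.events.append((account, requester, "blocked", t))
            return False
        self._prune(account, t)
        q = self._sent[account]
        if len(q) >= self.max_pushes:
            self._blocked_until[account] = t + self.cooldown_s
            q.clear()
            self.events.append((account, requester, "cooldown_started", t))
            return False
        q.append(t)
        self.events.append((account, requester, "sent", t))
        return True


def simulate(attempts, **limits):
    """Replay (time_s, account, requester) tuples through a fresh throttle
    driven by a fake clock. Returns (decisions, events): one True/False per
    attempt, plus the throttle's audit trail."""
    clock = {"t": 0.0}
    throttle = ResetPushThrottle(now=lambda: clock["t"], **limits)
    decisions = []
    for t, account, requester in attempts:
        clock["t"] = float(t)
        decisions.append(throttle.should_send(account, requester))
    return decisions, throttle.events


# Constructed input: 30 reset requests against one account in two minutes
# from rotating requesters, followed by the real owner trying much later.
BURST = [(4 * i, "victim@example.com", "requester-%d" % (i % 5)) for i in range(30)]
LATER_OWNER = [(5000, "victim@example.com", "owner-device")]

if __name__ == "__main__":
    decisions, events = simulate(BURST + LATER_OWNER)
    print("pushes delivered during burst:", sum(decisions[:30]))
    print("owner's later request delivered:", decisions[-1])
    print("cooldown events:", [e for e in events if e[2] == "cooldown_started"])
```

Only the first three prompts of the burst reach the device; the rest are suppressed and a single `cooldown_started` event marks the point where the burst tripped the limit, which is the signal a detection rule would alert on. Rotating the requester identity does not help, because the counter is per target account, and the legitimate owner can still recover the account once the cooldown has elapsed.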
How to catch iMessage impersonators with Contact Key Verification: Contact Key Verification (CKV) is an iMessage security feature introduced in iOS that provides users with additional assurance regarding the identity of their message recipients. When activated, CKV alerts users if iMessage key distribution services detect unverified device keys, potentially indicating unauthorized access to the iMessage account. This feature, although not yet subjected to any known attacks, reflects Apple’s proactive approach to enhancing user security. Enabling CKV on iOS devices involves navigating to Settings, selecting the user’s name, scrolling to Contact Key Verification, and toggling the Verification in iMessage option. This feature does not diminish the functionality of iMessage or the device overall, making it a potentially widely adopted security measure for iPhone users.
Is Apple’s new Journal app a major privacy nightmare? Apple’s new Journal app has raised concerns regarding potential privacy infringements. Serving as a digital diary, the app captures various media and location data to prompt users to document their experiences. While social media rumors have sparked concerns, the app’s Journaling Suggestions are generated based on app usage and users maintain control over included data, with entries being end-to-end encrypted, ensuring privacy. Moreover, the Discoverable By Others feature does not share personal information but notifies users of nearby contacts with the app. However, there is a less-discussed privacy risk: the visibility of a smartphone’s name when acting as a Wi-Fi hotspot, potentially exposing users’ identities. Users are advised to change the phone’s name to mitigate this risk, emphasizing the importance of safeguarding personal information amidst technological advancements.
AI weaponization becomes a hot topic on underground forums: There has been an increasing use of artificial intelligence (AI) by cybercriminals to enhance their attack techniques. According to ReliaQuest, a majority of cyberattacks target organizations through social engineering tactics, with phishing being the most common method, including a notable rise in QR code phishing. Criminals are leveraging AI to automate various stages of their attacks, such as creating voice and video-call deepfakes and developing sophisticated malware like FraudGPT and WormGPT. Financial theft remains the primary objective of cybercriminals, with extortion activity witnessing a significant increase. The report also notes the threat posed by nation-state actors using ‘living off the land’ (LotL) techniques to conceal their activities. To combat these evolving threats, organizations are urged to adopt AI and automation for defense and threat intelligence, as well as enhance their network visibility. The future of cybersecurity is expected to be influenced by the proliferation of AI and automation in cyberattacks, requiring organizations to stay agile and proactive in their defense strategies.
Cybercriminals use cheap and simple infostealers to exfiltrate data: There has been a rise in identity-based attacks due to a surge in malware usage, particularly infostealer malware. Researchers found that 61% of data breaches in 2023 were related to infostealer malware, compromising over 343 million credentials. These stolen credentials contain sensitive information, making individuals vulnerable to various cybercrimes such as account takeover, fraud, and ransomware. Additionally, mobile malware is increasing as an attack vector, with nearly 200 different types of personally identifiable information being recaptured in 2023. The report also emphasizes the prevalence of password reuse and the influence of pop culture on password choices. Noteworthy data leaks in 2023 include WhatsApp, Twitter (now X), Luxottica, and UnionPay China. There is a need for a multi-layered approach to cyber defense, including identifying exposed identities and immediate post-infection remediation to prevent future cyberattacks.
Researchers uncover new security threat against routers and smart devices: Researchers have uncovered a recent hacking campaign that infected over 6,000 Asus routers in less than 72 hours. The campaign targeted end-of-life routers and smart devices, resurrecting the well-known botnet called TheMoon. The infected devices were used to launch cyberattacks and route malicious internet traffic through a proxy service called Faceless. Lumen Technologies, the communications provider, has observed multiple campaigns targeting home and small-business routers in the past two years. Researchers suspect that the resurgence of TheMoon and its connection to Faceless may be linked to increasing law enforcement efforts against cybercrime. Lumen has taken steps to block access to the infected devices, and consumers are advised to install security updates for their routers.
Viruses are the most popular type of malware — and Apple devices are most at risk: A recent report by Surfshark has found that just five types of malware account for nearly 80% of all threats detected, with viruses being the most common type. Interestingly, Apple devices, previously thought to be immune, are now being affected, particularly by the “Proxy.Agent” virus. Trojans, Potentially Unwanted Applications (PUAs), heuristic threats, and adware round out the top five. This data highlights the importance of robust security measures for all devices, including those from Apple.
Chinese shopping app offers £50 sign-up reward if customers hand over personal details for life: The Chinese shopping app, Temu, is offering a £50 cash reward to new sign-ups, contingent upon users providing their personal details for life. This offer has sparked concerns among experts regarding data privacy and security. While the promotion has gone viral on social media, with many users sharing Temu codes to avail the reward, the terms and conditions reveal that users are required to relinquish significant personal information, including their photo, name, voice, and biographical details, among others. This data can be used by Temu worldwide, indefinitely, without further review, notification, payment, or consideration. While users can opt out, experts worry about the potential misuse of such sensitive data and the implications for privacy and national security, especially given recent revelations of Chinese hacking plots targeting government officials. Temu defends its practices, stating that user information is collected solely to improve its service and customer experience, and it does not sell user information. However, concerns persist regarding the coercive nature of incentivized consent and the potential risks associated with data transfers to third parties.
Facebook snooped on users’ Snapchat traffic in secret project, documents reveal: In 2016, Facebook initiated a covert project called “Project Ghostbusters” aimed at intercepting and decrypting network traffic between users of Snapchat’s app and its servers. The objective was to gain insights into user behavior and enhance Facebook’s competitive position against Snapchat. This revelation comes from recently unsealed court documents as part of a class action lawsuit against Meta, Facebook’s parent company. The project involved utilizing Facebook’s Onavo VPN service to intercept traffic and analyze user interactions with Snapchat, YouTube, and Amazon. While some Facebook employees expressed concerns about the ethical implications of the project, it continued, leading to legal scrutiny and criticism. The documents shed light on Facebook’s aggressive tactics to gather data on competitors and underscore the ongoing challenges related to privacy and data security in the digital age.
Free VPN Apps on Google Play Turn Phones into Proxies: The rise of free VPN apps on Google Play has raised concerns about their involvement in a malicious residential proxy operation known as ‘Proxylib.’ These apps, including Oko VPN and Fast Fox VPN, were found to covertly enroll users’ devices as proxy nodes, potentially exposing them to activities like ad fraud, bot usage, or malware distribution. While Google has removed some of these apps, the underlying SDK promoting this scheme persists, posing ongoing risks to users’ privacy and security. This incident underscores the inherent risks associated with free VPN apps, including data logging, weaker encryption, and the potential misuse of user devices for nefarious purposes. As such, users are advised to exercise caution and consider using reputable VPN services with robust privacy protections.
Published on Medium